On Sun 17/Sep/2023 18:58:05 +0200 Ángel via mailop wrote:
On 2023-09-15 at 10:26 +0200, Alessandro Vesely via mailop wrote:
I get this language, on forwarding:
Remote-MTA: dns; gmail-smtp-in.l.google.com [74.125.71.27]
Diagnostic-Code: smtp; 550-5.7.26 Unauthenticated email from intesasanpaolo.com
is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 intesasanpaolo.com domain if this was a legitimate mail.
Please
550-5.7.26 visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn
about the
550 5.7.26 DMARC initiative.
t16-20020a05600c451000b003fee9453d8csi1042282wmo.59 - gsmtp
MAIL FROM was rewritten so as to pass SPF. ARC sealing the message
provided no benefit except checking, from the bounce, that the body
hash in AMS matched the one on the original DKIM signature, which had
passed. The message was legitimate and none of the signed headers,
h=date:from:to:cc:message-id:subject:mime-version:content-type was
altered. Why should I contact the administrator of the original
sender?
If this message came directly from intesasanpaolo.com (i.e.
intesasanpaolo.com was sending through tana.it server but not listing it on
their SPF), that's something to the administrator of intesasanpaolo.com
could be interested in.
The bank is sending to a user of mine who asked me to forward messages to her
gmail account.
The DKIM pass should have been enough, though...
Comparing the bounced message with the original, it turned out the angle
brackets were removed from the From: address, which is legal since there was no
display-name, but breaks signatures. Still no idea how that happened.
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
